General
-
Target: d8c4f0bb55040ead44e31a083886baa9
Size: 1.1MB
Sample: 201117-3zmq8csnja
MD5: 2a1c75e5e80e13efb9f8e98044bb44c8
SHA1: 7a4a2199dbfe00d57114e8378869277b3afa728d
SHA256: ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79
SHA512: bbb7ac2a84358cb155927922da87ce3f456afa783f049977c250b68342c17a1080bad9e4c1854af38b06f6da5e9548260cdc0390b84dbfc3a0f06cf7b63c38e6
Static task: static1
Behavioral task: behavioral1
Sample: d8c4f0bb55040ead44e31a083886baa9.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
-
Target: d8c4f0bb55040ead44e31a083886baa9
Size: 1.1MB
MD5: 2a1c75e5e80e13efb9f8e98044bb44c8
SHA1: 7a4a2199dbfe00d57114e8378869277b3afa728d
SHA256: ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79
SHA512: bbb7ac2a84358cb155927922da87ce3f456afa783f049977c250b68342c17a1080bad9e4c1854af38b06f6da5e9548260cdc0390b84dbfc3a0f06cf7b63c38e6
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-